Sending Logs

You can send events to external solutions, such as SIEM solutions, in various ways.

Sending via Search Filter

You can send events by creating a new filter or modifying an existing filter. Follow the steps below:

  1. Select the event transmission method.

    • Alarm Transmission (SMS, Email)
    • SYSLOG
    • SNMP Trap
    • Webhook
  2. Fill in the items and click the Create or Modify button.

  3. Event transmission begins for logs generated after the filter is created or modified; earlier logs are not sent retroactively.

SYSLOG Integration Example (Splunk)

Integrate with Splunk in the following order:

  1. In Splunk, configure Local UDP under Settings > Data Inputs.

  2. Configure the desired data input port. Optionally, enter the NAC Policy Server IP in "Only accept connection from" so that the input accepts events only from the Policy Server.

  3. In NAC's search filter, check SYSLOG transmission.

  4. Enter SYSLOG-related items as follows:

    • Server Address: Splunk server IP
    • Protocol: UDP
    • Transmission Port: Port defined in Splunk (Default port is UDP:514)
    • SYSLOG Message: {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}
  5. Click the Create button.

SNMP Trap Integration Example

SNMP Trap is primarily used for event transmission between devices, and the setup method is as follows:

  1. In NAC's search filter, check SNMP Trap transmission.

  2. Enter SNMP Trap-related items as follows:

    • Server Address: SNMP Trap server IP
    • Community: Community defined on the SNMP Trap server
    • SNMP Message: DATETIME={_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}
    • CHARSET: Character Set defined on the SNMP Trap server (UTF-8 / EUC-KR)
  3. Click the Create button.
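The SYSLOG and SNMP Trap message templates above share one field layout. The following receiver-side parser is an added example, not part of the product documentation; it assumes the collector receives the message body as configured, with an optional `<PRI>` syslog prefix, and shows why the fields must be matched by key name rather than split on commas (MSG and DETAIL may themselves contain commas).

```python
import ipaddress
import re
from typing import Optional

# Receiver-side parser for the message templates used above. SYSLOG:
#   {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}
# SNMP Trap uses the same layout with a leading 'DATETIME=' key. Fields are matched
# by key name rather than split on commas, because MSG and DETAIL are free text
# that may itself contain commas.
NAC_EVENT_RE = re.compile(
    r"^(?:DATETIME=)?(?P<datetime>[^,]+),"
    r"LOGTYPE=(?P<logtype>[^,]*),"
    r"LOGID=(?P<logid>[^,]*),"
    r"IP=(?P<ip>[^,]*),"
    r"MAC=(?P<mac>[^,]*),"
    r"MSG=(?P<msg>.*?),\s*DETAIL=(?P<detail>.*)$",  # first ', DETAIL=' ends MSG
    re.DOTALL,
)
# Optional '<PRI>' syslog prefix; whether the NAC prepends one is an assumption
# of this example, so it is stripped only when present.
PRI_RE = re.compile(r"^<\d{1,3}>")
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")

def parse_nac_event(line: str) -> Optional[dict]:
    """Return the event fields as a dict, or None if the line does not match."""
    m = NAC_EVENT_RE.match(PRI_RE.sub("", line.strip(), count=1))
    if not m:
        return None
    event = m.groupdict()
    # Collector-side sanity checks: a malformed IP or MAC usually means the
    # template was edited or the datagram truncated; flag it instead of indexing silently.
    try:
        ipaddress.ip_address(event["ip"])
        event["ip_valid"] = True
    except ValueError:
        event["ip_valid"] = False
    event["mac_valid"] = bool(MAC_RE.match(event["mac"]))
    return event

# Constructed sample lines (addresses and messages are made up for this example).
SAMPLE_LINES = [
    "2024-01-15 10:23:45,LOGTYPE=AUDIT,LOGID=1001,IP=192.0.2.10,"
    "MAC=00:11:22:33:44:55,MSG=Node detected, policy applied, DETAIL=VLAN 20",
    "DATETIME=2024-01-15 10:24:02,LOGTYPE=SYSTEM,LOGID=2002,IP=not-an-ip,"
    "MAC=00:11:22:33:44:66,MSG=Sensor restarted, DETAIL=",
    "<134>2024-01-15 10:25:00,LOGTYPE=AUDIT,LOGID=1003,IP=2001:db8::1,"
    "MAC=aa-bb-cc-dd-ee-ff,MSG=IPv6 node seen, DETAIL=dash-separated MAC",
    "this line does not follow the template",
]
```

A non-matching line returns None so the collector can count template mismatches instead of dropping them unnoticed.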

Note

To send email notifications, email server settings and administrator email settings must both be completed.

Reference links: Setting up Outbound Mail Server (SMTP), Administrator Account